search

kumahq / kuma

🐻 The multi-zone service mesh for containers, Kubernetes and VMs. Built with Envoy. CNCF Sandbox Project.
https://kuma.io/install
Apache License 2.0
3.6k stars 332 forks source link

Wrong http header Host on probe proxing #7632

Open EutiziStefano opened 1 year ago

EutiziStefano commented 1 year ago

What happened?

In http probes proxied by kuma sidecar we discover a wrong http host header. Our application expose probes endpoint on 8080 port, virtual probe use port 9000. At layer 4 level all is working fine, requests are proxied from 9000 to 8080 port, but at layer 7 the http header is not correct, because it still reporting port 9000. We dump the probe request from the application point of view:

::ffff:127.0.0.6 - - [01/Sep/2023:07:14:20 +0000] "GET  /   HTTP/1.1"
{       
    "path": "/",        
    "headers”: {        
        "host": "10.228.107.53:9000",       
        "user-agent": "kube-probe/1.23",        
        "accept": "*/*",        
        "x-forwarded-proto": "http",        
        "x-request-id": "c5f14ed8-2365-4891-afc7-382deee3419a",     
        "x-envoy-expected-rq-timeout-ms": "15000",      
        "x-envoy-original-path": "/8080/"       
    },
    "method": "GET",        
    "body": "",     
    "fresh": false,     
    "hostname": "10.228.107.53",        
    "ip": "::ffff:127.0.0.6",       
    "ips": [],      
    "protocol": "http",     
    "query": {},        
    "subdomains": [],       
    "xhr": false,       
    "os": {     
        "hostname": "test-echo-79c945cbd8-pmbz5"        
    },  
    "connection": {}        
}

I think that as at layer 4 the port is corrected from 9000 to 8080, and the path is adjusted, also the header host should be fixed, because the application would possibly check that it is correct, in that case we would have an error.

Thanks Stefano

github-actions[bot] commented 9 months ago

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed. If you think this issue is still relevant, please comment on it or attend the next triage meeting.

github-actions[bot] commented 6 months ago

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed. If you think this issue is still relevant, please comment on it or attend the next triage meeting.

github-actions[bot] commented 2 months ago

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed. If you think this issue is still relevant, please comment on it or attend the next triage meeting.